Registration is now live for the Security Development Conference 2013, hosted in San Francisco, CA on May 14 – 15, 2013.  If you register today you’ll save 50% off the normal registration fee.

This year’s conference will include keynote speakers Edna M. Conway, Chief Security Strategist, Cisco Systems Inc.; Brad Arkin, senior director, Security, Adobe products and services; and Scott Charney, corporate vice president, Trustworthy Computing, Microsoft Corp.    Event tracks will include: Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Track sessions will cover the latest in proven security development techniques that help reduce risk and protect organizations in the ever-changing technology landscape.

The Security Development Conference brings together IT security professionals to network, learn and discuss secure development best practices. Attendees from around the world will hear from leading security experts, build their professional networks, and learn how to implement or accelerate adoption of secure development practices within their own organizations. 

For more information, I encourage you to check out the website at www.securitydevelopmentconference.com.

Steve Lipner
Partner Director of Program Management
Microsoft Trustworthy Computing

 

...

Adam Shostack here. In the holiday spirit I wanted to share an academic-style paper on the Elevation of Privilege Threat Modeling card game ( EoP_Whitepaper.pdf ) . The paper describes the motivation, experience and lessons learned in creating the game...

Arjuna Shunn here. Our friends over on the security blog have done up a series of posts about SDL and compliance which are worth reading. Using data from numerous sources, ranging from our SDL and HIPAA whitepaper, our SDL and PCI DSS/PA-DSS whitepaper...

Doug Cavit here.  I’m happy to announce that we have now released The SDL Chronicles.  We have been working with many outside institutions to help document their secure application development journey and what they learned.  Together, these stories make up The SDL Chronicles.  It is really interesting to me to see all these stories collectively rather than as individual pieces.  It is much easier now to see the similarities in what all of these institutions underwent in understanding the new challenging threat landscape. They then built consensus for not just doing the “quick fix” but for solving the problem systemically through a cultural shift. From this effort they were able to realize not only the benefits of enhanced security but also reaping direct benefits for doing the right thing in terms of more productivity and an excellent ROI.  All of these stories conclusively show that process and culture matters and while it may take some time and resources the net result is worth the investment.

...